Re: [Full-Disclosure] Symantec, McAfee and Panda ActiveX controls
Date: Wed Apr 07 2004 - 11:43:30 EDT
Dear Thomas Kristensen,
Exploitable overflow in Symantec and Trend Micro were reported in
June/July 2003 by Cesar Cerrudo and fixed by vendors. Nearly same
vulnerability was reported in RAV by Tri Huynh.
http://www.security.nnov.ru/search/news.asp?binid=2922
--Wednesday, April 7, 2004, 4:37:03 PM, you wrote to full-disclosure@lists.netsys.com:
TK> Hi Rafel,
TK> We have analysed the reported vulnerabilities in the Symantec, McAfee
TK> and Panda controls installed by their online scanners.
TK> It appears that your conclusions for Symantec and McAfee are incorrect.
TK> Following your examples seems to only cause null-pointer dereferences
TK> and can therefore only be exploited to crash a browser.
TK> However, the Panda issue is an exploitable heap overflow.
TK> If you have any other information regarding Symantec and McAfee, which
TK> proves that a buffer overflow exists then please publish this.
-- ~/ZARAZA Вечная память святому Патрику! (Твен) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.htmlReceived on Wed Apr 07 12:32:46 2004
This archive was generated by hypermail 2.1.8 : Wed Apr 07 2004 - 13:02:01 EDT
